tribunal
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for agents to execute verification commands (such as test runners or linters) to audit deliverables. This capability is a core part of the quality assurance process and is scoped by the orchestrator agent who defines the criteria before the work is performed, ensuring commands are verified before execution.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data transfer. The skill manages its internal state using a `.tribunal/` directory and explicitly instructs the orchestrator to gitignore this folder to ensure that temporary audit logs and working files remain local to the execution environment.
- [PROMPT_INJECTION]: The skill operates on an indirect prompt injection surface by evaluating data produced by other agents. It mitigates this via mandatory design invariants described across the documentation:
- Ingestion points: The orchestrator and verifiers ingest artifacts, diffs, and doer reports as described in `SKILL.md` and `references/consensus-mechanics.md`.
- Boundary markers: It enforces strict 'context walls' where verifiers run in independent sessions without access to the builder's reasoning, self-assessments, or other reviewers' scores.
- Capability inventory: Agents possess the capability to perform file reads, directory management, and shell command execution for testing and verification purposes.
- Sanitization: The 'evidence-anchored' rule mandates that all scoring claims include verbatim quotes or file:line references that are grep-checked against the source artifact, preventing agents from being influenced by instructions potentially embedded within the artifact content.
Audit Metadata